Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2016-10937

  • EPSS 0.32%
  • Veröffentlicht 08.09.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 02:45:07

IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.

7.8

CVE-2019-9854

  • EPSS 0.76%
  • Veröffentlicht 06.09.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:52:26

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Script...

7.5

CVE-2019-16056

  • EPSS 0.58%
  • Veröffentlicht 06.09.2019 18:15:15
  • Zuletzt bearbeitet 21.11.2024 04:29:57

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and imple...

9.8

CVE-2019-14813

  • EPSS 8.45%
  • Veröffentlicht 06.09.2019 14:15:15
  • Zuletzt bearbeitet 21.11.2024 04:27:24

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable se...

6.4

CVE-2019-15946

  • EPSS 0.05%
  • Veröffentlicht 05.09.2019 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:29:47

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.

6.4

CVE-2019-15945

  • EPSS 0.06%
  • Veröffentlicht 05.09.2019 17:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:47

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.

4.4

CVE-2019-15718

Exploit
  • EPSS 0.11%
  • Veröffentlicht 04.09.2019 12:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:19

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivile...

7.8

CVE-2019-14811

Exploit
  • EPSS 1.36%
  • Veröffentlicht 03.09.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:27:24

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disabl...

7.8

CVE-2019-14817

Exploit
  • EPSS 0.36%
  • Veröffentlicht 03.09.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:27:25

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could dis...

7.5

CVE-2019-12402

  • EPSS 0.38%
  • Veröffentlicht 30.08.2019 09:15:17
  • Zuletzt bearbeitet 21.11.2024 04:22:45

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names insi...